 |
Department of Engineering |
 |
|
ssh - non-interactive use
This page attempts to explain some of the problems and decisions involved
in non-interactive use of ssh. If you're just looking for a recipe for
how to make it work, then see the
ssh authorized keys HOWTO page.
The secure shell, ssh, is most simply used to run processes on remote
machines interactively (that is, with the user typing the ssh command
at a keyboard or equivalent).
However it is sometimes desired to run processes on remote machines
automatically and without direct human involvement at the time of
running. For instance, a scheduled job (cron or
at job on unix systems, might need to execute
something remotely, and ssh tends (in the absence of support for
un-encrypted insecure protocols such as rsh or rexec) to be the
mechanism of choice for this.
This can be achieved in two ways:
- use of a .shosts file
- use of public/private key pairs and a authorized_keys
file
.shosts file
This should be discouraged in most circumstances, although on occasion it
is precisely the right solution to a problem. The problem with .shosts
files is that, while they're easy to set up, they do not provide very
precise control over what is permitted, and can as a result make the
system far more vulnerable to security problems where a successful attack
on one machine results in compromise of others.
This documentation will therefore not provide a guide to this method,
although it should be fairly obvious from the online man pages how to
make use of it.
authorized_keys
